Net Access Blog

Happy National Cyber Security Awareness Month!

Posted by Gene Rogers on Oct 5, 2015 4:31:50 PM

This month marks National Cyber Security Awareness Month, which is a combined effort of Department of Homeland Security and the technology industry to raise awareness of cyber security and ensure that all Americans have the resources they need to remain safe and protected online. The “Stop. Think. Connect.” campaign, as part of Cyber Security Awareness Month, supports that responsibility by offering helpful Internet security tips to individuals and businesses.

Net Access understands the importance of cyber security—we help businesses protect their critical data every day. Our enterprise-class FLEXSecurity solutions provide comprehensive protection, performance and reliability for environments of all sizes. And we’re excited to bring attention to the importance of cyber security through this month-long initiative.

We are also hosting a Cybersecurity Awareness Month Panel Presentation at our Parsippany II data center on October 20th. Sponsored by the Morris County Chamber of Commerce Technology Committee, this event will feature Speakers James Mottola from Creative Solutions Investigative Services, Khizar A. Sheikh from Mandelbaum Salsburg PC and Tom Brennan from OWASP - The Open Web Application Security Project, as well as our own Raul Martynek, and will include a tour of the data center. This event is open to both members and non-members, and includes a continental breakfast, Full registration details can be found HERE.


Read More

Topics: Managed DDoS

Protect Your Business Network With Managed DDoS Mitigation

Posted by Dan Spataro on May 28, 2014 9:44:00 AM

Dan-Spataro VP of Engineering at Net AccessPrior to January 2014, a typical DDoS attack against our Net Access customers could easily be intercepted and mitigated by our well trained NOC staff.  As an ISP, we have been dealing with DDoS attacks for many years.  The first generation of attacks were small volumetric or packet attacks destined for IRC servers.  Our staff would simply “blackhole” the server that was being attacked and eventually the attack would go away.  We had plenty of capacity on hand to absorb these attacks and mitigate them, without customer impact.

Over the past several years, we built our own tools that hooked into industry-available traffic monitoring and analysis systems like that of Netflow.  With the addition of Netflow we were able see who was being attacked and who was doing the attacking.  Our monitoring systems would alert us to when a customer was being attacked and we could then use Netflow to find the source of the attack.  We would then put an ACL (Access Control List) on the customers interface blocking the attack.  The attackers would usually get frustrated at their lack of success and stop trying.  Again, back then, we had plenty of capacity in the network on hand to absorb these attacks and other than the actual customer being attacked, there was no collateral damage to anyone else within our environment.

DDoS - A Game Changer

The game changed in the early part of this year, when we saw our first 40+ Gbps DDoS attack.  A volumetric attack of this size can fill ports to 100% capacity in a matter of minutes.  Events like this can cause latency and dropped packets across an entire network, negatively affecting Internet facing customers.  We have spoken to many of our contacts, partners, suppliers, competitors and experts in the industry - they are all seeing the same rapid increases and growth in DDoS attacks and experiencing the same types of issues we are.  These attacks are exceptionally large, UDP based and frequent.  We all agree this is definitely an industry and Internet wide problem.

What Is Net Access Doing About DDoS Attacks?

In response to this rapidly growing problem, we have or are in the process of:

  • Expanding our network capacity with the addition of more ports, peering bandwidth, upstream bandwidth, new high capacity border routers and greater metro backbone capacity – in total spending over $1m on new equipment alone in the past few months.

  • Crafted many custom filters to lessen the impact of these large attacks by stopping the attacks at the borders, which in turn does not let the majority of the bad traffic reach, its destination (typically a customer).

  • Deployed an in-network advanced early warning system that provides Analytics and Monitoring with DDoS Mitigation to rapidly identify new attacks natively; and by referencing the DDoS Fingerprint database automatically alerting the NOC.

  • Implemented processes to deploy new filters at the borders using data provided by our early warning system to stop attacks with new signatures.

We understand our customers running critical applications need 100% network uptime, and even a couple minutes of congestion is completely unacceptable.  These upgrades allow us to exponentially increase our network capacity which allows us to detect, absorb and mitigate these next generation attacks; limiting the impact to our Internet facing customers to an absolute minimum.

Application and protocol attacks destined for our customers have also increased in frequency and complexity.  Attackers know they can easily defeat firewalls or servers by throwing a large number of packets at it.  So in addition to the steps Net Access is taking to protect the borders, network and mitigate attacks, we have made our Arbor Networks based Analytics and Monitoring with DDoS Mitigation solution available to customers as a managed service; providing yet another line of defense.

The Managed DDoS Mitigation service will notify customers and our Network Operation Center (NOC) of an attack on their environment, as it starts.  Customers can then choose to log into the our custom web portal and mitigate the attack themselves or let the Net Access NOC mitigate the attack for them, providing a completely hands-off solution.

How Good Is This?

As recently as last week, we intercepted a 40-60 Gbps DDoS attack targeted at one of our Internet facing customers.  We identified the attack, mitigated and blocked it in under 4 minutes – and that’s before we have completed all the upgrades!  So we are more than confident that we’ll do an even better job in the very near future!

To learn more about Net Access' Managed DDoS and our complete portfolio of managed services, please contact us today.

Dan Spataro, VP of Engineering

Read More

Topics: Managed DDoS